kdb5_ldap_realm.c revision 54925bf60766fbb4f1f2d7c843721406a7b7a3fb
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
*
* Copyright 1990,1991,2001, 2002 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
/* Copyright (c) 2004-2005, Novell, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * The copyright holder's name is not used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Create / Modify / Destroy / View / List realm(s)
*/
/* Needed for getting the definition of KRB5_TL_DB_ARGS */
#define SECURID
#include <stdio.h>
#include <k5-int.h>
#include <libintl.h>
#include <locale.h>
#include "kdb5_ldap_util.h"
#include "kdb5_ldap_list.h"
#include <ldap_principal.h>
#include <ldap_krbcontainer.h>
struct realm_info rblock = {
(krb5_keyblock *) NULL,
1,
};
/*
* Name components for the ticket-granting principal: the first entry is
* the KRB5_TGS_NAME literal with its matching size constant, the second
* entry is left empty here.
* NOTE(review): presumably the empty slot is filled in with the realm name
* before use (a principal built on this table elsewhere in the file
* declares a length of 2) - confirm against the code that uses it.
*/
krb5_data tgt_princ_entries[] = {
{0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
{0, 0, 0} };
/*
* Single name component "db_creation". sizeof(...)-1 keeps the
* terminating NUL out of the stored length.
*/
krb5_data db_creator_entries[] = {
{0, sizeof("db_creation")-1, "db_creation"} };
/*
* One-component principal built on db_creator_entries, with an empty
* realm. Its address is passed where the principal-creation code sets
* the creator's name on a new entry.
*/
static krb5_principal_data db_create_princ = {
0, /* magic number */
{0, 0, 0}, /* krb5_data realm */
db_creator_entries, /* krb5_data *data */
1, /* int length */
KRB5_NT_SRV_INST /* int type */
};
extern char *mkey_password;
extern char *progname;
extern kadm5_config_params global_params;
static krb5_error_code krb5_dbe_update_mod_princ_data_new (krb5_context context, krb5_db_entry *entry, krb5_timestamp mod_date, krb5_const_principal mod_princ);
static krb5_error_code krb5_dbe_update_tl_data_new ( krb5_context context, krb5_db_entry *entry, krb5_tl_data *new_tl_data);
int *i;
char *argv[];
int argc;
{
int mask = 0;
krb5_error_code retval = 0;
if (++(*i) > argc-1)
goto err_usage;
goto err_nomsg;
}
}
if (++(*i) > argc-1)
goto err_usage;
goto err_nomsg;
}
if (*(argv[*i]) == '+')
else if (*(argv[*i]) == '-')
else
goto err_usage;
if (*(argv[*i]) == '+')
else if (*(argv[*i]) == '-')
else
goto err_usage;
if (*(argv[*i]) == '+')
else if (*(argv[*i]) == '-')
else
goto err_usage;
if (*(argv[*i]) == '+')
else if (*(argv[*i]) == '-')
else
goto err_usage;
if (*(argv[*i]) == '+')
else if (*(argv[*i]) == '-')
else
goto err_usage;
}
if (*(argv[*i]) == '+')
else if (*(argv[*i]) == '-')
else
goto err_usage;
if (*(argv[*i]) == '+')
else if (*(argv[*i]) == '-')
else
goto err_usage;
if (*(argv[*i]) == '+')
else if (*(argv[*i]) == '-')
else
goto err_usage;
if (*(argv[*i]) == '+')
else if (*(argv[*i]) == '-')
else
goto err_usage;
if (*(argv[*i]) == '+')
else if (*(argv[*i]) == '-')
else
goto err_usage;
if (*(argv[*i]) == '+')
else if (*(argv[*i]) == '-')
else
goto err_usage;
if (*(argv[*i]) == '+')
else if (*(argv[*i]) == '-')
else
goto err_usage;
}
print_usage = TRUE;
return mask;
}
/*
* This function will create a realm on the LDAP Server, with
* the specified attributes.
*/
int argc;
char *argv[];
{
/* Locals of the realm-creation routine. */
krb5_error_code retval = 0;
char *oldcontainerref=NULL;
/*
* NOTE(review): presumably the buffer the master key password is read
* into when mkey_password is not already set (the read itself is not
* visible in this listing). Confirm it is wiped on every exit path with
* a call the compiler cannot drop; a plain memset of a stack buffer that
* is about to go out of scope may be optimized away.
*/
char pw_str[1024];
int do_stash = 0; /* set to 1 inside the argument loop; the stash step is commented as '-s' only */
int i = 0; /* argv index for the argument loop */
#ifdef HAVE_EDIRECTORY
int rightsmask = 0;
#endif
sizeof(krb5_ldap_realm_params));
goto cleanup;
}
/* Parse the arguments */
for (i = 1; i < argc; i++) {
if (++i > argc-1)
goto err_usage;
goto cleanup;
}
goto cleanup;
}
rparams->subtreecount=0;
(rparams->subtreecount)++;
/* Don't allow the subtree value to be set at the root (NULL, "") of the tree */
gettext("for subtree while creating realm '%s'"),
goto err_nomsg;
}
if (++i > argc-1)
goto err_usage;
/* Don't allow the containerref value to be set at the root (NULL, "") of the tree */
gettext("for container reference while creating realm '%s'"),
goto err_nomsg;
}
goto cleanup;
}
if (++i > argc-1)
goto err_usage;
/* Possible values for search scope are
* one (or 1) and sub (or 2)
*/
} else {
gettext("invalid search scope while creating realm '%s'"),
goto err_nomsg;
}
}
}
#ifdef HAVE_EDIRECTORY
if (++i > argc-1)
goto err_usage;
sizeof(char *) * MAX_LIST_ENTRIES);
goto cleanup;
}
rparams->kdcservers))) {
goto cleanup;
}
if (++i > argc-1)
goto err_usage;
sizeof(char *) * MAX_LIST_ENTRIES);
goto cleanup;
}
rparams->adminservers))) {
goto cleanup;
}
if (++i > argc-1)
goto err_usage;
sizeof(char *) * MAX_LIST_ENTRIES);
goto cleanup;
}
rparams->passwdservers))) {
goto cleanup;
}
}
#endif
do_stash = 1;
}
else {
goto err_usage;
}
}
* default values and also add to the list of supported
*/
if (!mkey_password) {
unsigned int pw_size;
if (retval) {
goto err_nomsg;
}
}
/* We are sure that 'mkey_password' is a regular string ... */
goto cleanup;
}
goto err_nomsg;
}
if (!ldap_context) {
goto cleanup;
}
/* read the kerberos container */
/* Prompt the user for entering the DN of Kerberos container */
int krb_location_len = 0;
/* Read the kerberos container location from configuration file */
if (ldap_context->conf_section) {
"ldap_kerberos_container_dn", NULL,
goto cleanup;
}
}
"ldap_kerberos_container_dn", NULL,
goto cleanup;
}
}
#ifdef HAVE_EDIRECTORY
#else
#endif
/* Remove the newline character at the end */
}
/* If the user has not given any input, take the default location */
else if (krb_location[0] == '\0')
else
} else
}
/* create the kerberos container */
if (retval)
goto cleanup;
&(ldap_context->krbcontainer));
if (retval) {
goto cleanup;
}
} else if (retval) {
goto cleanup;
}
goto cleanup;
}
/* We just created the Realm container. Here starts our transaction tracking */
&(ldap_context->lrparams),
&mask))) {
goto err_nomsg;
}
goto cleanup;
}
/* assemble & parse the master key name */
0, &master_princ))) {
goto err_nomsg;
}
/* Obtain master key from master password */
{
if (retval) {
goto err_nomsg;
}
if (master_salt.data)
if (retval) {
goto err_nomsg;
}
}
goto cleanup;
}
/* Create special principals inside the realm subtree */
{
char princ_name[MAX_PRINC_SIZE];
0, /* magic number */
{0, 0, 0}, /* krb5_data realm */
tgt_princ_entries, /* krb5_data *data */
2, /* int length */
KRB5_NT_SRV_INST /* int type */
};
/* The container reference value is set to NULL, to avoid service principals
* getting created within the container reference at realm creation */
}
/* Create 'K/M' ... */
goto err_nomsg;
}
/* Create 'krbtgt' ... */
goto err_nomsg;
}
/*
* Solaris Kerberos:
* The kadmin/admin principal is unused on Solaris. This principal is used
* in AUTH_GSSAPI but Solaris doesn't support AUTH_GSSAPI. RPCSEC_GSS can only
* be used with host-based principals.
*
*/
#if 0 /* ************ Begin IFDEF'ed OUT ***************************** */
goto err_nomsg;
}
goto err_nomsg;
}
#endif /* ************** END IFDEF'ed OUT ***************************** */
goto err_nomsg;
}
goto err_nomsg;
}
goto err_nomsg;
}
goto err_nomsg;
}
/* Create 'kadmin/<hostname>' ... */
if ((retval=krb5_sname_to_principal(util_context, NULL, KADM5_ADMIN_HOST_SERVICE, KRB5_NT_SRV_HST, &p))) {
goto err_nomsg;
}
goto err_nomsg;
}
/* change the realm portion to the default realm */
goto err_nomsg;
}
goto err_nomsg;
}
/* Solaris Kerberos: Create 'changepw/<hostname>' ... */
if ((retval=krb5_sname_to_principal(util_context, NULL, KADM5_CHANGEPW_HOST_SERVICE, KRB5_NT_SRV_HST, &p))) {
goto err_nomsg;
}
goto err_nomsg;
}
/* change the realm portion to the default realm */
goto err_nomsg;
}
goto err_nomsg;
}
if (oldcontainerref != NULL) {
}
}
#ifdef HAVE_EDIRECTORY
(mask & LDAP_REALM_PASSWDSERVERS)) {
rightsmask =0;
goto err_nomsg;
}
}
}
rightsmask = 0;
goto err_nomsg;
}
}
}
rightsmask = 0;
goto err_nomsg;
}
}
}
}
#endif
/* The Realm creation is completed. Here is the end of transaction */
/* Stash the master key only if '-s' option is specified */
&master_keyblock, NULL);
if (retval) {
}
}
goto cleanup;
print_usage = TRUE;
/* If the Realm creation is not complete, do the roll-back here */
if ((realm_obj_created) && (!create_complete))
if (rparams)
if (print_usage)
if (retval) {
if (!no_msg) {
}
exit_status++;
}
return;
}
/*
* This function will modify the attributes of a given realm object
*/
int argc;
char *argv[];
{
krb5_error_code retval = 0;
int i = 0;
#ifdef HAVE_EDIRECTORY
int j = 0;
char *list[MAX_LIST_ENTRIES];
int existing_entries = 0, list_entries = 0;
char **oldadmindns = NULL;
char **newsubtrees = NULL;
char **newadmindns = NULL;
char **oldsubtrees = {NULL};
int rightsmask = 0;
int subtree_changed = 0;
#endif
if (!(ldap_context)) {
goto cleanup;
}
&(ldap_context->krbcontainer)))) {
goto err_nomsg;
}
if (retval)
goto cleanup;
/* Parse the arguments */
for (i = 1; i < argc; i++) {
int k = 0;
if (++i > argc-1)
goto err_usage;
if (rmask & LDAP_REALM_SUBTREE) {
#ifdef HAVE_EDIRECTORY
if (oldsubtrees == NULL) {
goto cleanup;
}
if( oldsubtrees[k] == NULL ) {
goto cleanup;
}
}
#endif
rparams->subtreecount=0;
}
}
goto cleanup;
}
goto cleanup;
}
rparams->subtreecount=0;
(rparams->subtreecount)++;
/* Don't allow the subtree value to be set at the root (NULL, "") of the tree */
gettext("for subtree while modifying realm '%s'"),
goto err_nomsg;
}
if (++i > argc-1)
goto err_usage;
/* Don't allow the containerref value to be set at the root (NULL, "") of the tree */
gettext("for container reference while modifying realm '%s'"),
goto err_nomsg;
}
goto cleanup;
}
if (++i > argc-1)
goto err_usage;
/* Possible values for search scope are
* one (or 1) and sub (or 2)
*/
} else {
gettext("specified for search scope while modifying information of realm '%s'"),
goto err_nomsg;
}
}
}
#ifdef HAVE_EDIRECTORY
if (++i > argc-1)
goto err_usage;
if (!oldkdcdns) {
/* Store the old kdc dns list for removing rights */
goto cleanup;
}
goto cleanup;
}
}
}
}
sizeof(char *) * MAX_LIST_ENTRIES);
goto cleanup;
}
rparams->kdcservers))) {
goto cleanup;
}
/* Going to replace the existing value by this new value. Hence
* setting flag indicating that add or clear options will be ignored
*/
newkdcdn = 1;
if (++i > argc-1)
goto err_usage;
if (!oldkdcdns) {
/* Store the old kdc dns list for removing rights */
goto cleanup;
}
goto cleanup;
}
}
}
goto cleanup;
}
}
if (++i > argc-1)
goto err_usage;
if (!newkdcdn) {
/* Store the old kdc dns list for removing rights */
goto cleanup;
}
goto cleanup;
}
}
}
goto cleanup;
}
if (rmask & LDAP_REALM_KDCSERVERS) {
goto cleanup;
}
} else {
goto cleanup;
}
}
}
if (++i > argc-1)
goto err_usage;
if (!oldadmindns) {
/* Store the old admin dns list for removing rights */
if (oldadmindns == NULL) {
goto cleanup;
}
if (oldadmindns[j] == NULL) {
goto cleanup;
}
}
oldadmindns[j] = NULL;
}
}
sizeof(char *) * MAX_LIST_ENTRIES);
goto cleanup;
}
rparams->adminservers))) {
goto cleanup;
}
/* Going to replace the existing value by this new value. Hence
* setting flag indicating that add or clear options will be ignored
*/
newadmindn = 1;
if (++i > argc-1)
goto err_usage;
if (!oldadmindns) {
/* Store the old admin dns list for removing rights */
if (oldadmindns == NULL) {
goto cleanup;
}
if (oldadmindns[j] == NULL) {
goto cleanup;
}
}
oldadmindns[j] = NULL;
}
goto cleanup;
}
}
if (++i > argc-1)
goto err_usage;
if (!newadmindn) {
/* Store the old admin dns list for removing rights */
if (oldadmindns == NULL) {
goto cleanup;
}
if (oldadmindns[j] == NULL) {
goto cleanup;
}
}
oldadmindns[j] = NULL;
}
goto cleanup;
}
if (rmask & LDAP_REALM_ADMINSERVERS) {
goto cleanup;
}
} else {
goto cleanup;
}
}
}
if (++i > argc-1)
goto err_usage;
if (!oldpwddns) {
/* Store the old pwd dns list for removing rights */
goto cleanup;
}
goto cleanup;
}
}
}
}
sizeof(char *) * MAX_LIST_ENTRIES);
goto cleanup;
}
rparams->passwdservers))) {
goto cleanup;
}
/* Going to replace the existing value by this new value. Hence
* setting flag indicating that add or clear options will be ignored
*/
newpwddn = 1;
if (++i > argc-1)
goto err_usage;
if (!oldpwddns) {
/* Store the old pwd dns list for removing rights */
goto cleanup;
}
goto cleanup;
}
}
}
goto cleanup;
}
}
if (++i > argc-1)
goto err_usage;
if (!newpwddn) {
/* Store the old pwd dns list for removing rights */
goto cleanup;
}
goto cleanup;
}
}
}
goto cleanup;
}
if (rmask & LDAP_REALM_PASSWDSERVERS) {
goto cleanup;
}
} else {
goto cleanup;
}
}
}
}
#endif
} else {
goto err_usage;
}
}
goto cleanup;
}
#ifdef HAVE_EDIRECTORY
if (!(mask & LDAP_REALM_SUBTREE)) {
if( oldsubtrees[i] == NULL ) {
goto cleanup;
}
}
}
}
if ((mask & LDAP_REALM_SUBTREE)) {
int check_subtree = 1;
if (newsubtrees == NULL) {
goto cleanup;
}
if (newsubtrees[j] == NULL) {
goto cleanup;
}
}
newsubtrees[j] = NULL;
}
for(j=0;oldsubtrees[j]!=NULL;j++) {
check_subtree = 1;
check_subtree = 0;
continue;
}
}
if (check_subtree != 0) {
break;
}
}
/* this will return list of the disjoint members */
}
goto cleanup;
}
goto cleanup;
}
}
}
if (!subtree_changed) {
} else { /* Only the subtrees was changed. Remove the rights on the old subtrees. */
if (!(mask & LDAP_REALM_KDCSERVERS)) {
goto cleanup;
}
goto cleanup;
}
}
}
}
}
rightsmask =0;
/* Remove the rights on the old subtrees */
if (oldkdcdns) {
goto err_nomsg;
}
}
}
rightsmask =0;
if (newkdcdns) {
goto err_nomsg;
}
}
}
}
if (newadmindns == NULL) {
goto cleanup;
}
if (newadmindns[j] == NULL) {
goto cleanup;
}
}
newadmindns[j] = NULL;
}
if (!subtree_changed) {
} else { /* Only the subtrees was changed. Remove the rights on the old subtrees. */
if (!(mask & LDAP_REALM_ADMINSERVERS)) {
if (oldadmindns == NULL) {
goto cleanup;
}
if (oldadmindns[j] == NULL) {
goto cleanup;
}
}
oldadmindns[j] = NULL;
}
}
}
rightsmask = 0;
/* Remove the rights on the old subtrees */
if (oldadmindns) {
for (i=0; (oldadmindns[i] != NULL); i++) {
goto err_nomsg;
}
}
}
rightsmask = 0;
/* Add rights on the new subtree for all the admin server DNs */
if (newadmindns) {
for (i=0; (newadmindns[i] != NULL); i++) {
goto err_nomsg;
}
}
}
}
goto cleanup;
}
goto cleanup;
}
}
}
if (!subtree_changed) {
} else { /* Only the subtrees was changed. Remove the rights on the old subtrees. */
if (!(mask & LDAP_REALM_ADMINSERVERS)) {
goto cleanup;
}
goto cleanup;
}
}
}
}
}
rightsmask =0;
/* Remove the rights on the old subtrees */
if (oldpwddns) {
goto err_nomsg;
}
}
}
rightsmask =0;
/* Add rights on the new subtree for all the password server DNs */
if (newpwddns) {
goto err_nomsg;
}
}
}
}
}
#endif
goto cleanup;
print_usage = TRUE;
#ifdef HAVE_EDIRECTORY
if (oldkdcdns) {
}
if (oldpwddns) {
}
if (oldadmindns) {
for (i=0; oldadmindns[i] != NULL; i++)
free(oldadmindns[i]);
}
if (newkdcdns) {
}
if (newpwddns) {
}
if (newadmindns) {
for (i=0; newadmindns[i] != NULL; i++)
free(newadmindns[i]);
}
if (oldsubtrees) {
for (i=0;oldsubtrees[i]!=NULL; i++)
free(oldsubtrees[i]);
}
if (newsubtrees) {
for (i=0;newsubtrees[i]!=NULL; i++)
free(newsubtrees[i]);
}
#endif
if (print_usage) {
}
if (retval) {
if (!no_msg)
exit_status++;
}
return;
}
/*
* This function displays the attributes of a Realm
*/
int argc;
char *argv[];
{
krb5_error_code retval = 0;
int mask = 0;
if (!(ldap_context)) {
exit_status++;
return;
}
/* Read the kerberos container information */
&(ldap_context->krbcontainer))) != 0) {
exit_status++;
return;
}
exit_status++;
return;
}
return;
}
{
/*
* The result is returned as a pointer to this function-static buffer,
* so every call overwrites the text handed out by the previous call;
* callers must use or copy the string before calling again.
* NOTE(review): the formatting calls that fill `out` are missing from
* this listing - confirm they are bounded by sizeof(out).
*/
static char out[50];
/* Work on the magnitude and remember the sign separately. */
if (duration < 0) {
/*
* NOTE(review): negating the most negative value of a signed type
* overflows; the type of `duration` is not visible here - confirm
* callers cannot pass that value.
*/
duration *= -1;
neg = 1;
} else
neg = 0;
/* Reduce to the remainder below one hour, then below one minute. */
duration %= 3600;
duration %= 60;
return out;
}
/*
* This function prints the attributes of a given realm to the
* standard output.
*/
{
int num_entry_printed = 0, i = 0;
/* Print the Realm Attributes on the standard output */
if (mask & LDAP_REALM_SUBTREE) {
}
if (mask & LDAP_REALM_CONTREF)
if (mask & LDAP_REALM_SEARCHSCOPE) {
} else {
}
}
if (mask & LDAP_REALM_KDCSERVERS) {
num_entry_printed = 0;
if (num_entry_printed)
else
}
}
if (num_entry_printed == 0)
printf("\n");
}
if (mask & LDAP_REALM_ADMINSERVERS) {
num_entry_printed = 0;
if (num_entry_printed)
else
}
}
if (num_entry_printed == 0)
printf("\n");
}
if (mask & LDAP_REALM_PASSWDSERVERS) {
num_entry_printed = 0;
if (num_entry_printed)
else
}
}
if (num_entry_printed == 0)
printf("\n");
}
if (mask & LDAP_REALM_MAXTICKETLIFE) {
}
if (mask & LDAP_REALM_MAXRENEWLIFE) {
}
if (mask & LDAP_REALM_KRBTICKETFLAGS) {
if (ticketflags & KRB5_KDB_DISALLOW_SVR)
printf("\n");
}
return;
}
/*
* This function lists the Realm(s) present under the Kerberos container
* on the LDAP Server.
*/
int argc;
char *argv[];
{
krb5_error_code retval = 0;
if (!(ldap_context)) {
exit_status++;
return;
}
/* Read the kerberos container information */
&(ldap_context->krbcontainer))) != 0) {
exit_status++;
return;
}
if (retval != 0) {
exit_status++;
return;
}
/* This is to handle the case of realm not present */
return;
}
}
return;
}
/*
* Duplicating the following two functions here because
* 'krb5_dbe_update_tl_data' uses backend specific memory allocation. The catch
* here is that the backend is not initialized - kdb5_ldap_util doesn't go
* through DAL.
* 1. krb5_dbe_update_tl_data
* 2. krb5_dbe_update_mod_princ_data
*/
/* Start duplicate code ... */
static krb5_error_code
{
/* copy the new data first, so we can fail cleanly if malloc()
* fails */
/*
if ((tmp =
(krb5_octet *) krb5_db_alloc(context, NULL,
new_tl_data->tl_data_length)) == NULL)
*/
return (ENOMEM);
/* Find an existing entry of the specified type and point at
* it, or NULL if not found */
break;
}
/* if necessary, chain a new record in the beginning and point at it */
if (!tl_data) {
/*
if ((tl_data =
(krb5_tl_data *) krb5_db_alloc(context, NULL,
sizeof(krb5_tl_data)))
== NULL) {
*/
return (ENOMEM);
}
}
/* fill in the record */
if (tl_data->tl_data_contents)
return (0);
}
static krb5_error_code
{
krb5_error_code retval = 0;
krb5_octet * nextloc = 0;
char * unparse_mod_princ = 0;
unsigned int unparse_mod_princ_size;
return(retval);
== NULL) {
return(ENOMEM);
}
/* Mod Date */
/* Mod Princ */
return(retval);
}
static krb5_error_code
{
struct iterate_args *iargs;
kret = 0;
/*
* Convert the master key password into a key for this particular
* encryption system.
*/
if (kret)
return kret;
/*if (!(kret = krb5_dbe_create_key_data(iargs->ctx, iargs->dbentp))) {*/
(sizeof(krb5_key_data) *
return (ENOMEM);
&key))) {
&key,
NULL,
1,
}
/*}*/
return(kret);
}
/* End duplicate code */
/*
* This function creates service principals when
* creating the realm object.
*/
static int
struct realm_info *pblock;
{
int nentry=1;
long mask = 0;
int kvno = 0;
struct iterate_args iargs;
goto cleanup;
}
if (!(ldap_context)) {
goto cleanup;
}
goto cleanup;
}
goto cleanup;
}
curr += 1;
currlen = 2;
mask |= KADM5_PRINCIPAL;
mask |= KADM5_ATTRIBUTES ;
mask |= KADM5_MAX_LIFE ;
mask |= KADM5_MAX_RLIFE ;
mask |= KADM5_KEY_DATA;
/* Set the creator's name */
{
goto cleanup;
now, &db_create_princ)))
goto cleanup;
}
goto cleanup;
switch (op) {
case TGT_KEY:
/* Allocate memory for storing the key */
sizeof(krb5_key_data))) == NULL) {
goto cleanup;
}
entry.n_key_data++;
if (retval) {
goto cleanup;
}
if (retval) {
goto cleanup;
}
} else {
/*retval = krb5_c_make_random_key(context, 16, &key) ;*/
/*
* list, ignoring salt types.
*/
1,
(krb5_pointer) &iargs)))
return retval;
}
break;
case MASTER_KEY:
/* Allocate memory for storing the key */
sizeof(krb5_key_data))) == NULL) {
goto cleanup;
}
entry.n_key_data++;
if (retval) {
goto cleanup;
}
break;
case NULL_KEY:
default:
break;
} /* end of switch */
if (retval) {
goto cleanup;
}
return retval;
}
/*
* This function destroys the realm object and the associated principals
*/
void
int argc;
char *argv[];
{
extern char *optarg;
extern int optind;
int optchar = 0;
char buf[5] = {0};
krb5_error_code retval = 0;
int force = 0;
int mask = 0;
#ifdef HAVE_EDIRECTORY
int i = 0, rightsmask = 0;
#endif
/* Solaris Kerberos: to remove stash file */
char *stash_file = NULL;
optind = 1;
switch (optchar) {
case 'f':
force++;
break;
case '?':
default:
return;
/*NOTREACHED*/
}
}
if (!force) {
exit_status++;
return;
}
exit_status++;
return;
}
}
if (!(ldap_context)) {
exit_status++;
return;
}
/* Read the kerberos container from the LDAP Server */
&(ldap_context->krbcontainer))) != 0) {
exit_status++;
return;
}
/* Read the Realm information from the LDAP Server */
exit_status++;
return;
}
#ifdef HAVE_EDIRECTORY
(mask & LDAP_REALM_PASSWDSERVERS)) {
rightsmask = 0;
return;
}
}
}
rightsmask = 0;
return;
}
}
}
rightsmask = 0;
return;
}
}
}
}
#endif
/* Delete the realm container and all the associated principals */
if (retval) {
exit_status++;
return;
}
/*
* Solaris Kerberos: check for a stash file and delete it if necessary.
* This behavior exists in the Solaris version of kdb5_util destroy.
*
* NOTE(review): several statements of this tail are missing from the
* listing (the branch conditions and the calls that receive the
* gettext() format strings); the comments below describe only what is
* visible.
*/
} else {
gettext("can not determine stash file name for '%s'"),
exit_status++;
return;
}
} else {
}
/*
* Make sure stash_file is a regular file before unlinking.
*
* NOTE(review): the file-type check and the unlink() both work on the
* path name, so the entry can be replaced between the two steps; keep
* the stash directory writable by the administrator only.
* The unlink() result is cast away: if removal fails, the destroy still
* reports success while the stash file stays on disk. Elsewhere in the
* file the stash is described as holding the master key, so a failed
* removal is worth reporting - confirm whether ignoring it is intended.
*/
(void)unlink(stash_file);
} else {
gettext("stash file '%s' not a regular file, can not delete"),
exit_status++;
return;
}
/*
* If the error is anything other than "file does not exist", report
* an error.
*/
gettext("could not stat stash file '%s', could not delete"),
exit_status++;
return;
}
return;
}